[Dnssec-trigger] dhclient-exit-hooks support

Thomas Jost schnouki at schnouki.net
Tue Apr 15 07:15:51 UTC 2014

Le 15 avril 2014 à 04:07 CEST, Xavier Belanger <nlnetlabs at belanger.fr> a
écrit :
> Hi,
>> Has anyone created /etc/dhclient-exit-hooks support for
>> dnssec-trigger?  One of my desktops isn't using NetworkManager because
>> it is doing bridging, bonding, VLANs, and all sorts of other fancy
>> stuff via the Fedora network scripts that NetworkManager didn't
>> support until recently.  I don't need VPN support, just a way to
>> inject DHCP provided DNS forwarders (and maybe domain as well).
> Sort of. Long time ago I have wrote a couple of scripts to use
> unbound and dnssec-trigger on Slackware (before NetworkManager get
> included in that distro).
> Here are the steps:
>  - modify dhcpcd.conf to add the option 'resolv.conf' to the 'nohook'
> command. That way dhcpcd will not try to change /etc/resolv.conf.
>  - add a dhcpcd hook script to send the DNS servers provided
> by the local DHCP server to Unbound or (especially during the system boot)
> store the DNS servers into a temporary file.
>  - in the dnssec-trigger startup script look for the temporary
> file and load the DNS servers into the Unbound configuration.
> It's far from perfect or even reliable, not heavily tested, but it works.
> Files are here: http://www.ellendhel.net/fichiers/dnssec-slackware.zip
> The most useful to you should be '25-dnssec-trigger'.
> And there is a more detailled blog post, but in French:
>  [ http://www.ellendhel.net/article.php?ref=2011+12+24-0 ]
> I don't have any experience with Fedora so you will probably need
> to adjust the files locations.
> Sincerely.
> -- 
> Xavier Belanger
> _______________________________________________
> dnssec-trigger mailing list
> dnssec-trigger at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger

Hi there,

If it can be of any use, I have a similar setup on Arch Linux. After
installing unbound and dnssec-trigger, I just added a hook in
/usr/lib/dhcpcd/dhcpcd-hooks, and changed the dnssec-triggerdd.service
file (for systemd).

This setup is described here:

Hope this helps.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20140415/e3f641b5/attachment.bin>

More information about the dnssec-trigger mailing list